RENARKS 

[0002] Herein "Office Action" or "Action" refers to the Office Action dated 
January 23, 2008. 

[0003] Applicant respectfully requests entry of the following remarks and 
reconsideration of the subject application. Applicant respectfully requests entry of 
the amendments herein. The remarks and amendments should be entered under 
37 C.F.R. §1.116 as they place the application in better form for appeal, or for 
resolution on the merits. 

[0004] Applicant respectfully requests reconsideration and allowance of all 
of the claims of the application. Claims 16, 18-23, and 61-74 are presently 
pending. Claims 16, 18-19, 22-23, 61-63, and 68-74 are amended herein. No 
claims are withdrawn or cancelled herein. No new claims are added herein. 

Formal! Request for an Interview 

[0005] If the Examiner's reply to this communication is anything other than 
allowance of all pending claims, then I formally request an interview with the 
Examiner. I encourage the Examiner to call me— the undersigned representative 
for the Applicant— so that we can talk about this matter so as to resolve any 
outstanding issues quickly and efficiently over the phone. 

[0006] Please contact me or my assistant to schedule a date and time for a 
telephone interview that is most convenient for both of us. While email works 
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great for us, I welcome your call to either of us as well. Our contact information 
may be found on the last page of this response. 



Claim Amendments 

[0007] Without conceding the propriety of the rejections herein and in the 
interest of expediting prosecution, Applicant amends claims 16, 18-19, 22-23, 61- 
63, and 68-74 herein. 

Formal Hatters 

[0008] This section addresses any formal matters (e.g., objections) raised 
by the Examiner. 

S pecification 

[0009] The Examiner objects to various paragraphs of the specification for 
miscellaneous typographical and other errors. Herein, Applicant amends several 
of the paragraphs of the Specification, as shown above, to correct the 
Informalities noted by the Examiner. 

[0010] As to "cachekey," the Examiner asserts that there is no common 
definition for this word and that "cachekey" has not been defined in the 
specification. The Applicant respectfully disagrees. 

[ooii] The Applicant asserts that "cachekey" does have sufficient common 
meaning to enable one having ordinary knowledge in the relevant field(s) to 
understand and practice what is described in the Specification. For example, the 
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term is used by those who program in the Java programming language. In 
particular, Cachekey has been used as a class in the Java programming language 
in the package org.hibernate.cache. Other instances of use of the term cachekey 
are publicly available, 

[00123 In addition, the Applicant is free to define terms within the 
Specification even to the point of defining words contrary to their ordinary 
meaning. See MPEP 706.03(d), \ 7.34.02, and Process Control Corp. v. 
HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). 

[0013] Further, the Applicant asserts that the plain meaning of the word 
"cachekey" (broken into its constituent parts) combined with the Specification 
provides adequate definition of this term and no amendment to the Specification 
is necessary in this regard. For Example, in paragraph 52, the Specification 
states that the "NameHash is employed as a cachekey for storage of client- 
specific data in the primary cache memory/' The Applicant asserts that a person 
having ordinary skill in the art would know what a cachekey is and how to use it 
within the use of this term in the Specification. The Applicant respectfully asks 
the Examiner to withdraw the objection to this term. 

[0014] Finally, the objection to the use of cachekey is made moot. In order 
to clarify cachekey, the Specification has been amended in this Response (as 
shown above) such that "cachekey" now is written "cache key." If the Examiner 
persists in the objection to this term in the Specification, and in the rejection of 
claims containing "cachekey," the Applicant respectfully asks the Examiner for 
more particular direction as to how to remedy such objection and/or rejection. 
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Drawings 

[0015] The Examiner objects to Figures 5, 6 and 7 because "it is not clear 
that the first two steps in each flow chart ... are performed at different 
locations." Applicant submits replacement drawings to correct the informalities 
noted by the Examiner. 

Claims 

[0016] The Examiner objects to claims 8, 16, 18, 22-23, 61, 63 and 68-74 
for various typographical and grammatical errors. Herein, Applicant amends 
these claims, as shown above, to correct the informalities noted by the Examiner. 
The objections are thereby made moot. The Applicant respectfully asks the 
Examiner to withdraw the objection to these claims. 

Substantive Matters 

Claim Rejections under § 112, First Paragraph 

[0017] Claims 62 and 69-74 are rejected under 35 U.S.C. § 112, First 
Paragraph for failing to comply with the enablement requirement. The Applicant 
traverses this rejection. 

[0018] The Examiner asserts that the term "cachekey" is indefinite because 
it supposedly does not have any meaning in the art and that undue 
experimentation would be required. The Applicant respectfully disagrees. 
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[0019] The Applicant asserts that "cachekey" has sufficient meaning to 
enable one having ordinary knowledge in the relevant field(s) to understand and 
practice what is described in the Specification. For example, the term is used by 
those who program in the Java programming language. In particular, Cachekey 
has been used as a class in the Java programming language in the package 
org.hibernate.cache. Other instances of the use of cachekey are publicly 
available. 

[0020] The Applicant also asserts that the plain meaning of the word 
"cachekey" (broken into its constituent parts) combined with the Specification 
provides adequate definition of this term and no amendment to the Specification 
is necessary in this regard. For Example, in paragraph 52, the Specification 
states that the "NameHash is employed as a cachekey for storage of client- 
specific data in the primary cache memory." The Applicant asserts that a person 
having ordinary skill in the art would know that a cachekey can be a key which is 
used in the sense of a database and that this key can be used to access or look 
up or find other data in "cache memory" as stated in the Detailed Description. 
The Applicant respectfully asks the Examiner to withdraw the rejection on at 
least this basis. 

[0021] Finally, the rejection of claims 61-74 based on the use of cachekey is 
made moot. In order to clarify cachekey, these claims have been amended as 
shown above such that "cachekey" now is written "cache key." If the Examiner 
persists in the rejection of these claims for the use of "cache key," the Applicant 
respectfully asks the Examiner for more particular direction as to how to remedy 
the rejection. 

Serial No.: 10/608,653 

Arty Docket No.: MS1-1430US iQef^HBS/QS The Business of IP TU 

Atry/ Agent; John C. Meline wmic-ei^cum 503324 0255 



Claim Rejections under §112 Second Paragraph 

[0022] Claims 61-74 are rejected under 35 U.S.C. § 112, Second Paragraph, 
as being indefinite. In light of the amendments presented herein, Applicant 
submits that these rejections are moot Accordingly, Applicant asks the Examiner 
to withdraw these rejections. 

Ciaim Rejections under § 103 

[0023] The Examiner rejects claims 16, 18-23 and 61-74 under § 103. For 
the reasons set forth below, the Examiner has not made a prima facie case 
showing that the rejected claims are obvious. 

[0024] Accordingly, Applicant respectfully requests that the § 103 rejections 
be withdrawn and the case be passed along to issuance. 

[0025] The Examiner's rejections are based upon the following references 
alone and/or in combination: 

® ^ewcombe: Newcombe, et ai, US Patent Publication No. 

2003/0172269 (published September 11, 2003); and 
• Chang: Chang, et ai, US Patent No. 6,952,781 (issued October 4, 
2005). 

Overview of the Application 

[0026] The Application describes a process for requesting authentication 
which includes transmitting a hash digest formed from first set of client-specific 
data together with a second set of client-specific data and receiving, in response, 
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an indication of acceptance when the hash digest and second client-specific data 
correspond to a valid client authentication request. (Application, Abstract) 

Cited References 

[0027] The Examiner cites Newcombe as the primary reference in the 
obviousness-based rejections, The Examiner cites Chang as a secondary 
reference in the obviousness-based rejections. 

Newcombe 

[0028] Newcombe describes a method and system for enabling 
authentication in a distributed environment. The method employs a hashed 
salted password associated with a user in part to pre-authenticate the user. If the 
user is pre-authenticated, a ticket is transmitted to a client. The ticket includes a 
cryptographic digest of a concatenation of the local and remote addresses that is 
exclusive or'ed with a timestamp to generate a modified authenticator. The 
modified authenticator is directed at binding the timestamp to the client to 
minimize reuse of an authenticator. A packet that includes the authenticator is 
sent to a server. The server is configured to determine another remote and local 
IP address associated with the packet. Employing the remote and local 
addresses, the server extracts the timestamp from the modified authenticator. If 
the timestamp is within a pre-determined time window, the user may be 
authenticated. (Newcombe, Abstract) 
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Chang 



[0029] Chang describes a mechanism for establishing a plurality of sessions 
between a client and a first server based on a single input of user authenticating 
information. A request to establish a connection between the client and the first 
server is received. The request includes identification information for 
authenticating a requesting user. Based on the identification information, a 
determination is made as to whether the connection between the client and the 
first server should be established. If it is determined that the connection 
between the client and the first server should be established, the identification 
information is cached in memory and the connection between the client and the 
first server is allowed to be established. Subsequent connection requests from 
the same client are authenticated, and further connections can be established, 
based on the cached identification information, without further input from the 
client or user. (Chang, Abstract) 
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Obviousness Rejections 

Lack of Prima Facie Case of Obviousness fNPEP S 2142) 

[0030] Applicant disagrees with the Examiner's obviousness rejections. 
Arguments presented herein point to various aspects of the record to 
demonstrate that all of the criteria set forth for making a prima facie case have 
not been met. 

[0031] To show obviousness, the Examiner must show that the combination 
of references teach or suggest each and every feature of a claim under 35 U.S.C. 
§ 103, despite any recent revision to the Manual of Patent Examining Procedure 
(MPEP). Section 2143.03 of the MPEP requires the "consideration" of (teach or 
suggest) every claim feature in an obviousness determination. See In re Royka, 
490 F.2d 981, 180 USPQ 580 (CCPA 1974) (to establish prima facie obviousness 
of a claimed invention, all the claim features must be taught or suggested by the 
prior art). 

[0032] As the Board of Patent Appeal and Interferences has recently 
confirmed, a proper obviousness determination requires that an Examiner make 
"a searching comparison of the claimed invention - including all its limitations - 
with the teaching of the prior art." See In re Wada and Murphy, Appeal 2007- 
3733, citing In re Ochiai, 71 F.3d 1565, 1572 (Fed. Cir. 1995). Further, the 
necessary presence of all claim features is axiomatic, since the Supreme Court 
has long held that obviousness is a "question of law based on underlying factual 
inquiries, including ... ascertaining the differences between the claimed invention 
and the prior art." Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966). 
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[0033] Indeed, the Applicant submits that this is why Section 904 of the 
MPEP instructs Examiners to conduct an art search that covers "the invention as 
described and claimed." (emphasis added). Lastly, the Applicant respectfully 
directs attention to MPEP § 2143, the instructions of which buttress the 
conclusion that obviousness requires at least a suggestion of ail of the features 
of a claim, since the Supreme Court in KSR Int'i v. Teleflex Inc. stated that "there 
must be some articulated reasoning with some rational underpinning to support 
the legal conclusion of obviousness." KSR Int'i v. Teleflex Inc., 127 S. Ct. 1727, 
1741 (2007) (quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006). 

[0034] In sum, it remains well-settled law that obviousness requires at least 
a suggestion of all of the features in a claim. See In re Wada and Murphy, citing 
CFMT, Inc. v. Yieldup Intern. Corp., 349 F.3d 1333, 1342 (Fed. Cir. 2003) and In 
re Royka, 490 F.2d 981, 985 (CCPA 1974)). 



Based upon Newcombe and Chang 

[0035] The Examiner rejects claims 16, 18-23 and 61-74 under 35 U.S.C. § 
103(a) as being unpatentable over Newcombe in view of Chang. Applicant 
respectfully traverses the rejection of these claims and asks the Examiner to 
withdraw the rejection of these claims. 
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Independent Claim 16 



[0036] The Applicant asserts that claim 16, as amended, is allowable over 
the combination of Newcombe and Chang because none of these references, 
either alone or in combination, discloses, teaches or suggests at least the 
following elements as recited in this amended claim (with emphasis added): 
"if comparing determines that the client specific data do not meet 
the first threshold of validity, then storing in a second cache memory 
a portion of the client specific data and an indication that the client 
specific data do not correspond to a valid client, wherein the 
portion of the client specific data and the indication stored in the 
second cache memory identifies a client name associated with the 
client authentication request and associates the client name with a 
negative indication of validity regardless of whether the client specific 
data includes valid proof of knowledge of privileged data, and then 
terminating the verification process." 

[0037] The Examiner admits (Action, p. 13) that Newcombe does not 
disclose the use of a cache memory. By implication, Newcombe cannot be used 
to teach or suggest actions or steps of storing or other act involving a cache 
memory. The Application at length describes why the use of cache memory is a 
feature of this claim. The Examiner thus must rely on Chang to show the use of a 
cache memory as recited in claim 16. 

[0038] The Examiner indicates (Action, p. 14) that Chang, at col. 4, lines 
17-24, and at col. 6, lines 2-3 and 47-50, discloses "storing in a second cache 
memory a portion of the client specific data and an indication that the client 
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specific data do not correspond to a valid client" as recited in claim 16. The 
Applicant respectfully disagrees. 



[0039] For convenience, Chang, col. 4, lines 17-24, is presented here: 

In one embodiment, a Smart card or Token card is used to 
obtain an OTP that can be used to establish a session with 
the network access server. In response to entering the 

15 username and one-time password, a user authorization phase 
is performed to determine whether a session should be 
established for the particular user. To perform the user 
authorization phase, the network access server forwards the 
username and one-time password to an authorization, 

20 authentication, and accounting (AAA) server to request 
authorization for establishing a session. The AAA server 
determines whether the username and OTP were previously 
cached in its memory and if so, whether the username and 
OTP are still valid. 

[0040] As can be seen, Chang discloses a "username and one-time 
password" (OTP) and a "server determines whether the username and OTP were 
previously cached in memory." There is just a single or first cache memory in this 
portion of Chang. Further, in this passage of Chang, there is no disclosure, 
teaching or suggestion of determining or storing "an indication that the client 
specific data do not correspond to a valid client" as recited in claim 16, as 
amended. Thus, this portion of Chang does not support the Examiner's assertion. 



[0041] Chang, col. 6, lines 2-3, state the following: 

As depicted AAA server 126 includes a cache that may be 
used to store username and one-time password information. 



[0042] Chang, col. 6, lines 47-50, is presented here: 
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Conversely, if the OTP is not valid, at block 316 the AAA 
server 126 sends a message to network access server 104 
indicating that a session can not be established based on the 
user identification information. 

[0043] As can be seen, Chang discloses sending a message to a "network 
access server" that a "session can not be established." As shown above, Claim 
16, as amended, recites "storing in a . . . cache memory ... an indication that 
the client specific data do not correspond to a valid client, wherein the portion of 
the client specific data and the indication stored in the . . . cache memory 
identifies a client name associated with the client authentication request and 
associates the client name with a negative indication of validity." 

[0044] If the Examiner's assertion is true that Chang discloses what is 
recited in claim 16, the Examiner is equating sending a message to a server 
(Chang) with "storing ... an indication" in a cache memory (claim 16). 

[0045] However, sending a message about the failure to authenticate is not 
the same as storing in a memory a client name or "portion of . . . client specific 
data" (e.g. an output of a hash function) along with a "negative indication." The 
benefits and advantages of storing an indication are described at length in the 
detailed description of the Application. In particular, by sending a message, an 
authentication system is left unchanged. In contrast, if implementing a system as 
recited in claim 16, an authentication system is improved. Thus, Chang fails to 
disclose, teach or suggest at least this substantial feature of claim 16. 

[0046] Accordingly, the combination of Newcombe and Chang does not 
disclose, teach or suggest all of the claimed elements or features of claim 16. 
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Accordingly, Applicant respectfully asks the Examiner to withdraw the rejection of 
this claim, as amended. 



Dependent Claims 18-23 

[0047] These claims ultimately depend upon independent claim 16. As 
discussed above, claim 16 is allowable. It is axiomatic that any dependent claim 
which depends from an allowable base claim is also allowable. Additionally, some 
or all of these claims may also be allowable for additional independent reasons. 

[0048] For example, claim 18, as amended, recites the following features 

(with emphasis added): 

"comparing the client specific data with data stored in the 
second cache memory to determine whether the client specific 
data meet a second threshold of validity and whether the 
client specific data correspond to an identity previously 
determined to be valid or invalid; and 

"if the client specific data meet the second threshold, 
transmitting a request for verification to a database containing 
client specific data/' 

[0049] The Examiner asserts the following in regard to this claim: 
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In reference to Claim 18, Newcombe and Chang further disclose comparing the 
client specific data with data stored in a second cache memory to determine when the 
client specific data meet a second threshold of validity and when the client specific data 
correspond to an identity previously determined to be valid or invalid (Newcombe, 
paragraphs 0025, 0063-0064; Chang, column 4, lines 17-24; column 6, lines 2-3 and 
47-50); transmitting a request for verification to a database containing client-specific 
data when the client specific data meet the second threshold (Newcombe, paragraphs 
0042, 0059, 0061-0062); and terminating the authentication request when the client 

specific data correspond to an identity previously determined to be invalid (Chang, 

column 6, lines 47-50). 

[0050] The Applicant respectfully disagrees that these references teach or 
suggest each and every feature of claim 18. First, neither Newcombe and Chang 
explicitly disclose a "second threshold of validity." The Examiner cites to Chang, 
col. 4, lines 17-24, and col. 6, lines 2-3 and lines 47-50. As shown above, these 
sections of Chang only disclose checking the validity of one item, a "one-time 
password." Thus, Chang does not disclose meeting a "second threshold of 
validity" as recited in claim 18. 

[0051] The Examiner also cites to various parts of Newcombe including 
para. 0025, and 0063-0064. 

[0052] With reference to paragraph 0025, Newcombe discloses the use of 
a timestamp, and two IP addresses. However, in these passages, there is no 
mention of authenticating multiple times or multiple items. Other teachings of 
Newcombe appear to be equally unavailing to show a second "threshold of 
validity." For example, in paragraph 0061 of Newcombe, the system described 
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may extract the client's remote IP address from a packet header and compare 
this address against the IP address "from within the request." 

[0053] This mechanism of Newcombe is substantially different from the 
language of claims 16 and 18. Specifically, claim 18 recites that "whether the 
client specific data correspond to an identity previously determined to be 
valid or invalid" (emphasis added). None of the paragraphs of Newcombe cited 
by the Examiner, paragraphs 0025, 0042, 0056, and 0061-0064, teach or suggest 
accessing information indicating whether an identity has been "previously 
determined to be valid" or invalid. This feature of claim 18 should not be ignored, 
and this is at least one substantive difference between claim 18, as amended, 
and the combination of Newcombe and Chang. 

[0054] Further, upon close inspection, these two references do not disclose 
the following features of claim 18: "if the client specific data meet the second 
threshold, transmitting a request for verification to a database containing client 
specific data." Even if an IP address or timestamp or other piece of data of 
Newcombe is considered a "second" threshold, there is no teaching or 
suggesting of transmitting a request "for verification" to a database of "client 
specific data" after passing a second threshold. The Examiner cites to 
Newcombe, paragraphs 0042, 0059, and 0061-0065. However, these paragraphs 
are devoid of this teaching and do not suggest a transmitting to a database, and 
especially not of transmitting to a database after passing a second threshold. 
Accordingly, this is at least one additional substantive difference between claim 
18, as amended, and the combination of Newcombe and Chang. 
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[0055] Based on at least these additional differences, claim 18, as 
amended, is allowable over the combination of Newcombe and Chang. 



Independent Claim 61 

[0056] The Applicant asserts that claim 61, as amended, is allowable over 
the combination of Newcombe and Chang because none of these references, 
either alone or in combination, discloses, teaches or suggests at least the 
following elements as recited in this amended claim (with emphasis added): 
"if comparing determines that the client specific data meet 
the first threshold of validity, proceed with authentication by 
comparing the client specific data with data stored in a second cache 
memory to determine whether the client specific data meet a second 
threshold of validity and whether the client specific data 
correspond to an identity previously determined to be valid or 
invalid; 

"if the client specific data meet the second threshold, 
transmitting a request for verification to a database containing 
client-specific data/' 

[0057] The Examiner admits (Action, p. 16) that Newcombe does not 
disclose the use of a cache memory or "further specific functions of the server as 
claimed." The Examiner thus must rely on Chang to show the use of a cache 
memory and "further specific functions" as recited in claim 61. 
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[0058] The Examiner indicates (Action, p. 16) that Chang, at col. 4, lines 
17-24, and at col, 6, lines 2-3 and 47-50, discloses a second cache memory, a 
second threshold of validity, and "whether the client specific data correspond to 
an identity previously determined to be valid or invalid." The Applicant 
respectfully disagrees. 

[0059] For convenience, Chang, col. 4, lines 17-24, is presented here: 

In one embodiment, a Smart card or Token card is used to 
obtain an OTP that can be used to establish a session with 
the network access server. In response to entering the 

15 username and one-time password, a user authorization phase 
is performed to determine whether a session should be 
established for the particular user. To perform the user 
authorization phase, the network access server forwards the 
username and one-time password to an authorization, 

20 authentication, and accounting (AAA) server to request 
authorization for establishing a session. The AAA server 
determines whether the username and OTP were previously 
cached in its memory and if so, whether the username and 
OTP are still valid. 

[0060] As can be seen, Chang discloses a "username and one-time 
password" (OTP) and a "server determines whether the username and OTP were 
previously cached in memory." There is just a single or first cache memory in this 
portion of Chang. Further, in this passage of Chang, there is no disclosure, 
teaching or suggestion of "data stored in a second cache memory" and 
determining if "whether the client specific data meet a second threshold of 
validity" as recited in claim 61, as amended. Thus, this portion of Chang does not 
support the Examiner's assertion. 
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[0061] Chang, col. 6, lines 2-3, state the following: 

As depicted AAA server 126 includes a cache that may be 
used to store username and one-time password information. 

[0062] Chang, col. 6, lines 47-50, is presented here for convenience: 

Conversely, if the OTP is not valid, at block 316 the AAA 
server 126 sends a message to network access server 104 
indicating that a session can not be established based on the 
user identification information. 

[0063] As can be seen, Chang discloses sending a message to a "network 
access server" that a "session can not be established." On the other hand, claim 
61, as amended, recites a second cache memory, a second threshold of validity, 
and "whether the client specific data correspond to an identity previously 
determined to be valid or invalid" after or if "comparing determines that the 
client specific data meet the first threshold of validity." These passages in col. 6 
of Chang, do not disclose, teach or suggest "data stored in a second cache 
memory" and determining if "whether the client specific data meet a second 
threshold of validity" as recited in claim 61, as amended. Thus, this portion of 
Chang does not support the Examiner's assertion. 

[0064] Further, the Examiner asserts that Chang, at col. 6, lines 47-50, 
discloses "transmitting a request for verification to a database." However, as can 
be seen in this passage of Chang, there is only the sending of "a message to a 
network access server." Sending a message is not the same what is recited in 
claim 61. Specifically, claim 61, as amended, recites "if the client specific data 
meet the second threshold, transmitting a request for verification to a database 
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containing client-specific data." Thus, as required by claim 61, two thresholds of 
validity must be met before sending a request to a database. Chang does not 
disclose a database, but a server. A server is not the same as a database. 
Further, as shown above, Chang does teach or suggest a database for 
verification of a request, especially with the requirement of passing two 
thresholds of validity. Newcombe is also unavailing. 

[0065] Accordingly, the combination of Newcombe and Chang does not 
disclose, teach or suggest all of the claimed elements or features of claim 61. 
Accordingly, Applicant respectfully asks the Examiner to withdraw the rejection of 
this claim, as amended. 

Dependent Claims 62-68 

[0066] These claims ultimately depend upon independent claim 61. As 
discussed above, claim 61 is allowable. It is axiomatic that any dependent claim 
which depends from an allowable base claim is also allowable. Additionally, some 
or all of these claims may also be allowable for additional independent reasons. 

[0067] For example, claim 63, as amended, recites the following features 

(with emphasis added): 

"store ... at least a portion of the client specific data in the 
second cache memory along with an indication that the client 
specific data do not correspond to a valid ciient if comparing 
determines that the client specific data do not meet the first 
threshold." 



Serial No.: 10/608,653 

Atty Docket No.: MS1-1430US "51- | ee ^p|-, a y es The Busjnessof ^ 

Atty/Agent: John C. Meline imW|]Bn> 5033213256 



[0068] The Examiner asserts the following in regard to this claim: 

In reference to Claim 63, Newcombe and Chang further discloses storing at least 
a portion of the client specific data in a second cache memory along with an indication 
that the client specific data do not correspond to a valid client if it is determined that the 
client specific data do not meet the first threshold (Newcombe, paragraphs 0025, 0042, 
0047-0048; Chang, column 4, lines 17-24; column 6, lines 2-3 and 47-50). 

[0069] The Applicant respectfully disagrees that these references teach or 
suggest each and every feature of claim 63. 

[0070] First, as shown above, the passages of Chang cited by the Examiner 
do not disclose a "second cache memory." As to Newcombe, paragraphs 0025, 
0042, and 0047-0048, disclose the use of two servers and a timestamp, two IP 
addresses, and a hashed salted password. These passages also disclose 
forwarding a user ticket and authenticating and validating clients through the 
user ticket. 

[0071] However, after a thorough review of these passages, there is no 
disclosure, teaching or suggestion of a "second cache memory" or the storing of 
an "indication that the client specific data do not correspond to a valid client" in 
the second cache memory. Thus, neither, Chang, Newcombe, nor the 
combination of these two references, supports the Examiner's assertion that 
these features of claim 63 are taught or disclosed therein. Accordingly, claim 63 
is allowable over the combination of these two references based on these 
additional features. The Applicant respectfully asks the Examiner to withdraw the 
rejection of claim 63 on this additional basis. 
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Independent Claim 69 



[0072] The Applicant asserts that claim 69, as amended, is allowable over 
the combination of Newcombe and Chang because none of these references, 
either alone or in combination, discloses, teaches or suggests at least the 
following elements as recited in this amended claim (with emphasis added): 

"if comparing determines that the client-specific data do not meet 
the first threshold of validity, then storing the name, the client key, 
and validity/invalidity indicators in a second cache memory, wherein 
the name stored in the second cache memory is associated with a 
validity indication regardless of whether the client key or the proof of 
knowledge for the client key matches data in an associated authentication 
database, and terminating the verification process." 

[0073] The Examiner admits (Action, p. 18) that Newcombe does not 
disclose the use of a cache memory. The Examiner thus must rely on Chang to 
show the use of a cache memory, and the functions associated with the cache 
memory, as recited in claim 69. 

[0074] The Examiner indicates (Action, p. 19) that Chang, at col. 4, lines 
17-24, and at col. 6, lines 2-3 and 47-50, discloses a second cache memory and 
"storing" various information "in a second cache memory, wherein the name 
stored in the second cache memory is associated with a validity indication." The 
Applicant respectfully disagrees. 

[0075] For convenience, these passages of Chang have been presented 
above in reference to other claims and are not repeated here. As was shown in 
reference to the other independent claims including claim 1, Chang discloses a 
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"username and one-time password" (OTP) and a "server determines whether the 
username and OTP were previously cached in memory." There is just a single or 
first cache memory in Chang. However, in these passages and other portions of 
Chang, there simply is no disclosure, teaching or suggestion of data being stored 
in a second cache memory, especially where "the name stored in the second 
cache memory is associated with a validity indication" with the qualification that 
this storing is only done "if [the first] comparing determines that the client- 
specific data do not meet the first threshold of validity." Thus, Chang does not 
support the Examiner's rejection of claim 69 in view of the specific language 
recited in claim 69, as amended. 

[0076] Accordingly, the combination of Newcombe and Chang does not 
disclose, teach or suggest all of the claimed elements or features of claim 69. 
Accordingly, Applicant respectfully asks the Examiner to withdraw the rejection of 
this claim, as amended. 



Independent Claim 70 

[0077] The Applicant asserts that claim 70, as amended, is allowable over 
the combination of Newcombe and Chang because none of these references, 
either alone or in combination, discloses, teaches or suggests at least the 
following elements as recited in this amended claim (with emphasis added): 
if comparing determines that the first client specific data 
do not meet the first threshold of validity, then storing a portion of 
the client specific data in a second cache memory along with an 
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indication that the client specific data do not correspond to a 
valid client, the portion of the client specific data stored in the second 
cache memory identifying a client name associated with the client 
authentication request and associating the client name with a 
validity indication regardless of whether the client specific data 
included valid proof of knowledge of privileged data, and then terminating 
the verification process." 

[0078] The Examiner admits (Action, p. 19) that Newcombe does not 
disclose the use of a cache memory. The Examiner thus must rely on Chang to 
show the use of a cache memory, and the functions associated with the cache 
memory, as recited in claim 70. 

[0079] The Examiner rejects claim 70 on substantially the same basis as 
claim 69 and indicates (Action, p. 19) that Chang, at col. 4, lines 17-24, and at 
col. 6, lines 2-3 and 47-50, discloses a second cache memory and "storing" 
various information "in a second cache memory, wherein the name stored in the 
second cache memory is associated with a validity indication." The Applicant 
respectfully disagrees. 

[0080] For convenience, these passages of Chang have been presented 
above in reference to other claims and are not repeated here. As was shown in 
reference to the other independent claims including claim 1, Chang discloses a 
"username and one-time password" (OTP) and a "server determines whether the 
username and OTP were previously cached in memory." 

[0081] There is just a single or first cache memory in Chang. However, in 
these passages and other portions of Chang, there simply is no disclosure, 
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teaching or suggestion of data being stored in a second cache memory, 
especially where "the name stored in the second cache memory is associated 
with a validity indication" with the qualification that this storing is only done "if 
[the first] comparing determines that the client-specific data do not meet the 
first threshold of validity." Thus, Chang does not support the Examiner's rejection 
of claim 70 in view of the specific language recited in claim 70, as amended. 

[0082] Accordingly, the combination of Newcombe and Chang does not 
disclose, teach or suggest all of the claimed elements or features of claim 70. 
Accordingly, Applicant respectfully asks the Examiner to withdraw the rejection of 
this claim, as amended. 

Dependent Claims 71-74 

[0083] These claims ultimately depend upon independent claim 70. As 
discussed above, claim 70 is allowable. It is axiomatic that any dependent claim 
which depends from an allowable base claim is also allowable. Additionally, some 
or all of these claims may also be allowable for additional independent reasons, 

Dependent Claims 

[0084] If not previously addressed individually, in addition to its own merits, 
each dependent claim is allowable for the same reasons that its base claim is 
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allowable. Applicant requests that the Examiner withdraw the rejection of each 
dependent claim where its base claim is allowable. 



Conclusion 

[0085] All pending claims are in condition for allowance. Applicant 
respectfully requests reconsideration and prompt issuance of the application. If 
any issues remain that prevent issuance of this application/ the Examiner as 
urged to contact me before issuing a subsequent Action . Please call/email 
me or my assistant at your convenience. 



Respectfully Submitted, 



Lee & Hayes, PLLC 
Attorneys for Applicant 




Dated: Zoog-o^-Z Z 



John Meline (iohnm(5)leehaves.com ; x257) 
Registration No. 58,280 

Assistant: Megan Arnold ( meqan@leehaves.com ; x270) 
Customer No. 22801 

Telephone: (509) 324-9256 
Facsimile: (509) 323-8979 
www.leehaves.com 
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